Epoch Times broke the news after being approached by darknet investigator Ed Alexander, who apparently saw hackers "capturing card numbers and full identities,” including answers to personal questions usually used during password recovery. Apparently, the first thing he did was take his iPhones off Apple Pay. He found customised cyberattack files, designed to target specific companies, and had configuration files for Sentry MBA, a popular ‘credential stuffing’ tool.

Here’s how credential stuffing works: People usually use the same password over multiple services, and when one gets breached, chances are the password on other services don’t get changed. So, hackers buy a cracked database on the dark web, feed it to Sentry MBA to see if any of the previous passwords still work. The Epoch Times claims the technique is ‘extremely effective’.

"In the case of credential stuffing, the most commonly used standalone management tool we have observed enabling attacks is called Sentry MBA,” explain cybersecurity researchers at Shape Security.

“A Sentry MBA config file contains, among other items, the URL for a website's login page, field markers to help navigate form elements, and rules for valid password constructions. A number of forums offer a wide variety of working configurations for various websites."